CVE-2011-1128

EPSS 0.7%
Veröffentlicht 21.06.2011 02:52:42
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Simplemachines ≫ Smf Version <= 1.1.12

Simplemachines ≫ Smf Version1.0

Simplemachines ≫ Smf Version1.0 Updatebeta4

Simplemachines ≫ Smf Version1.0 Updatebeta4.1

Simplemachines ≫ Smf Version1.0 Updatebeta5

Simplemachines ≫ Smf Version1.0 Updatebeta6

Simplemachines ≫ Smf Version1.0 Updaterc1

Simplemachines ≫ Smf Version1.0 Updaterc2

Simplemachines ≫ Smf Version1.0.1

Simplemachines ≫ Smf Version1.0.2

Simplemachines ≫ Smf Version1.0.3

Simplemachines ≫ Smf Version1.0.4

Simplemachines ≫ Smf Version1.0.5

Simplemachines ≫ Smf Version1.0.6

Simplemachines ≫ Smf Version1.0.7

Simplemachines ≫ Smf Version1.0.8

Simplemachines ≫ Smf Version1.0.9

Simplemachines ≫ Smf Version1.0.10

Simplemachines ≫ Smf Version1.0.12

Simplemachines ≫ Smf Version1.0.13

Simplemachines ≫ Smf Version1.0.14

Simplemachines ≫ Smf Version1.0.15

Simplemachines ≫ Smf Version1.0.16

Simplemachines ≫ Smf Version1.0.17

Simplemachines ≫ Smf Version1.0.18

Simplemachines ≫ Smf Version1.0.19

Simplemachines ≫ Smf Version1.0.20

Simplemachines ≫ Smf Version1.0.21

Simplemachines ≫ Smf Version1.1

Simplemachines ≫ Smf Version1.1 Updatebeta1

Simplemachines ≫ Smf Version1.1 Updatebeta2

Simplemachines ≫ Smf Version1.1 Updatebeta3

Simplemachines ≫ Smf Version1.1 Updatebeta4

Simplemachines ≫ Smf Version1.1 Updaterc1

Simplemachines ≫ Smf Version1.1 Updaterc2

Simplemachines ≫ Smf Version1.1 Updaterc3

Simplemachines ≫ Smf Version1.1.1

Simplemachines ≫ Smf Version1.1.2

Simplemachines ≫ Smf Version1.1.3

Simplemachines ≫ Smf Version1.1.4

Simplemachines ≫ Smf Version1.1.5

Simplemachines ≫ Smf Version1.1.6

Simplemachines ≫ Smf Version1.1.7

Simplemachines ≫ Smf Version1.1.8

Simplemachines ≫ Smf Version1.1.9

Simplemachines ≫ Smf Version1.1.10

Simplemachines ≫ Smf Version1.1.11

Simplemachines ≫ Smf Version2.0 Updatebeta1

Simplemachines ≫ Smf Version2.0 Updatebeta2

Simplemachines ≫ Smf Version2.0 Updatebeta2.1

Simplemachines ≫ Smf Version2.0 Updatebeta3

Simplemachines ≫ Smf Version2.0 Updatebeta3.1

Simplemachines ≫ Smf Version2.0 Updatebeta4

Simplemachines ≫ Smf Version2.0 Updaterc1

Simplemachines ≫ Smf Version2.0 Updaterc2

Simplemachines ≫ Smf Version2.0 Updaterc3

Simplemachines ≫ Smf Version2.0 Updaterc4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.7%	0.711

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip

Patch

http://www.openwall.com/lists/oss-security/2011/02/22/17

Patch

http://www.openwall.com/lists/oss-security/2011/03/02/4

Patch

http://www.simplemachines.org/community/index.php?topic=421547.0

Patch

https://nvd.nist.gov/vuln/detail/CVE-2011-1128

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1128

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1128

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2011-1128